CVE-2026-44346 — Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-byp

Description

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39.

How to fix CVE-2026-44346

To remediate CVE-2026-44346, upgrade the affected package to a fixed version below.

—upgrade to 1.4.39 or later
—upgrade to 1.4.39 or later

Is CVE-2026-44346 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.4.39
from 0, < 1.4.39

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-44346
PATCHgithub.com/bentoml/BentoML
WEBgithub.com/bentoml/BentoML/security/advisories/GHSA-78f9-r8mh-4xm2
WEBgithub.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44